aboutsummaryrefslogtreecommitdiff
path: root/nixpkgs/nixos/modules/services/networking/firewall.nix
diff options
context:
space:
mode:
Diffstat (limited to 'nixpkgs/nixos/modules/services/networking/firewall.nix')
-rw-r--r--nixpkgs/nixos/modules/services/networking/firewall.nix10
1 files changed, 7 insertions, 3 deletions
diff --git a/nixpkgs/nixos/modules/services/networking/firewall.nix b/nixpkgs/nixos/modules/services/networking/firewall.nix
index 15aaf741067..cdc3a172ea7 100644
--- a/nixpkgs/nixos/modules/services/networking/firewall.nix
+++ b/nixpkgs/nixos/modules/services/networking/firewall.nix
@@ -546,9 +546,13 @@ in
options nf_conntrack nf_conntrack_helper=1
'';
- assertions = [ { assertion = (cfg.checkReversePath != false) || kernelHasRPFilter;
- message = "This kernel does not support rpfilter"; }
- ];
+ assertions = [
+ # This is approximately "checkReversePath -> kernelHasRPFilter",
+ # but the checkReversePath option can include non-boolean
+ # values.
+ { assertion = cfg.checkReversePath == false || kernelHasRPFilter;
+ message = "This kernel does not support rpfilter"; }
+ ];
systemd.services.firewall = {
description = "Firewall";
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-26 04:54:21 +0000